System specification and refinement in temporal logic

  • Amir Pnueli
Invited Talk I
Part of the Lecture Notes in Computer Science book series (LNCS, volume 652)


We consider two types of specifications of reactive systems: requirement specification, which lists the properties the system should satisfy, and system specification, which describes the response of the system to each incoming input. Some of the differences between these two styles of specification are analyzed, with the conclusion that both types are needed in an orderly system development.

Traditionally, temporal logic was used for requirement specification, while process algebras such as CSP and CCS were used for system specification. Recent developments, mainly represented by Lamport's temporal logic of actions (TLA), have demonstrated that temporal logic can also be used effectively for system specification.

This paper explores the use of temporal logic for system specification, evaluates some of the advantages and disadvantages of such a use, and demonstrates the use of temporal logic for refinement and systematic development of systems. To allow the simulation of a single high-level step by several lower-level steps, we go back to the temporal logic TLR, which is based on a dense time domain such as the reals.
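The refinement obligation sketched in the abstract (every low-level step is either a genuine high-level step or a high-level stuttering step under a refinement mapping) can be checked mechanically on finite-state fragments. The following is an added illustration and is not code from the paper: the two toy transition systems, the bound on exploration and the function names are all assumptions of this example. The high-level system increments a counter by 2 in one step; the low-level implementation takes two steps of 1, so one high-level step is simulated by two lower-level steps, and the refinement mapping must hide the intermediate state so that the first step appears as stuttering.

```python
"""Added example (not from Pnueli's paper): bounded check that a low-level
transition system refines a high-level one under a refinement mapping,
allowing several low-level steps to simulate one high-level step.
All systems here are toy systems constructed for illustration."""
from collections import deque


def check_refinement(low_init, low_next, is_high_init, high_step, mapping,
                     max_states=200):
    """Breadth-first exploration of the low-level system, bounded by
    max_states, checking the safety half of a TLA-style refinement proof:
      - mapping(s0) is a high-level initial state for every initial s0;
      - for every reachable transition s -> t, either
          mapping(t) == mapping(s)            (high-level stuttering step), or
          high_step(mapping(s), mapping(t))   (a genuine high-level step).
    Returns (True, None) if no violation is found within the bound,
    otherwise (False, (s, t)) with the offending low-level transition
    (s is None when an initial state already violates the mapping).
    Liveness/fairness obligations are deliberately out of scope here."""
    seen = set()
    queue = deque()
    for s0 in low_init:
        if not is_high_init(mapping(s0)):
            return False, (None, s0)
        seen.add(s0)
        queue.append(s0)
    while queue and len(seen) < max_states:
        s = queue.popleft()
        h = mapping(s)
        for t in low_next(s):
            h2 = mapping(t)
            if h2 != h and not high_step(h, h2):
                return False, (s, t)
            if t not in seen:
                seen.add(t)
                queue.append(t)
    return True, None


# High-level system (constructed): state is an integer x, initially 0,
# and the single action is x' = x + 2.
def high_init(x):
    return x == 0


def high_step(x, x2):
    return x2 == x + 2


# Low-level system (constructed): state is (x, pc). Two steps of +1 each
# implement one high-level +2 step; pc records which half has been done.
LOW_INIT = [(0, 0)]


def low_next(state):
    x, pc = state
    return [(x + 1, 1)] if pc == 0 else [(x + 1, 0)]


def good_mapping(state):
    """Hide the half-finished increment: the high-level x only advances once
    both low-level steps have completed, so the first step is stuttering."""
    x, pc = state
    return x if pc == 0 else x - 1


def naive_mapping(state):
    """Project x directly; exposes the intermediate +1 as a bogus high step."""
    return state[0]


def check_good():
    return check_refinement(LOW_INIT, low_next, high_init, high_step, good_mapping)


def check_naive():
    return check_refinement(LOW_INIT, low_next, high_init, high_step, naive_mapping)


if __name__ == "__main__":
    print("good mapping :", check_good())    # (True, None)
    print("naive mapping:", check_naive())   # (False, ((0, 0), (1, 1)))
```

The naive mapping fails on the very first transition: the projected high-level state moves from 0 to 1, which is neither stuttering nor an allowed +2 step. The corrected mapping makes that transition invisible at the high level, which is exactly the stuttering-robustness the abstract refers to; it also shows why a refinement mapping often needs to depend on control state (here `pc`), not just on the data variables.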


Keywords: temporal logic, requirement specification, system specification, validation, refinement, simulation, stuttering, robustness, temporal semantics





Copyright information

© Springer-Verlag Berlin Heidelberg 1992

Authors and Affiliations

  • Amir Pnueli, Department of Applied Mathematics and Computer Science, Weizmann Institute, Rehovot, Israel
